Improving Embedded Operating System Security Part 6: Harden the System Against Attack

By Bill Graham

In the previous posts I’ve discussed various steps that need to be taken in order to improve security, but these are all preventative measures that require validation before a device is ready for market. Enabling the security features of your embedded OS is the first step, but it’s important to test the system continuously throughout development. The importance of security-focused testing can’t be over-emphasized. Testing for security is a different activity than functional testing since the aim is to find and exploit vulnerabilities, often outside the realm of normal operation. Test automation is essential in order to do efficient and thorough security testing. Take a look at a post on this from my colleague Ido Sarig.

Mapping Recommendations to the Best Practices

In light of the recommendations made in the previous posts in this series, it makes sense to look back at the original best practices and see how the recommendations map to them. It should be noted that a recommendation might only partially fulfill the intent of a best practice rather than satisfy it completely (hence the “*” and not a checkmark!). The best practices should be interpreted as an ongoing goal for design and development rather than as a checklist.

Best practices (table columns): Minimize the attack surface; Least privilege; Defense in depth; Diversity in defense; Secure the weakest link; Fail-safe stance; Assume external systems are insecure; Secure by default.

Recommendations (table rows), with one “*” for each best practice the recommendation partially addresses:

Secure Defaults: * * * * * *

Secure Network Communication: * * * * *

Partition Systems: * * * * * * *

Harden Against Attack: * * * *

Secure Boot and Execution: * * * * * *

Secure Data and Storage: * * * * *

Table 1: The relationship between the security recommendations and the best practices

Summary

For the last 6 posts I’ve been discussing an improvement framework for embedded OS-level security. Obviously, security is more than just this (as I’ve discussed in my previous security series): security needs to be built into a device from inception to release. However, there are some reasonable steps that can be taken now, and on future projects, to improve security at the embedded OS level. By following good security practices such as safe defaults, turning off non-essential services and securing data, embedded systems security can be greatly improved. No system is ever completely secure, but improvements can be made now and in the future, working towards a better situation than the one we are in today.
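The summary's three practices (safe defaults, turning off non-essential services, securing data) lend themselves to the kind of automated check the first paragraph calls for. The script below is an added example, not code from the original post or from Wind River: it audits a constructed description of a device build and reports every deviation from those practices. The service allowlist, the "risky" service list, the expected ports, the two sample builds and the DeviceConfig fields are all assumptions chosen for illustration, not values from any real product.

```python
"""Automated secure-configuration check for an embedded Linux build.

Added example (not from the original post). Every list and sample build
below is constructed for illustration; a real product would populate
them from its own build manifest and image inspection.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Services the hypothetical product actually needs at runtime.
ESSENTIAL_SERVICES: Set[str] = {"sshd", "ntpd", "app-controller"}

# Services that expose plaintext or debug interfaces and should be absent
# from a release image (assumed list for this example).
RISKY_SERVICES: Set[str] = {"telnetd", "ftpd", "gdbserver", "httpd-debug"}

# Listening ports the product is expected to expose, mapped to the service
# that should own them (assumed values).
EXPECTED_PORTS: Dict[int, str] = {22: "sshd", 8443: "app-controller"}


@dataclass
class DeviceConfig:
    """Minimal description of a build, as an image inspection tool might emit."""
    enabled_services: Set[str]
    listening_ports: Dict[int, str]      # port -> owning service
    default_password_unchanged: bool
    storage_encrypted: bool
    debug_uart_enabled: bool


def check_services(cfg: DeviceConfig) -> List[str]:
    """Flag every enabled service outside the allowlist (non-essential services)."""
    findings = []
    for svc in sorted(cfg.enabled_services - ESSENTIAL_SERVICES):
        tag = "risky" if svc in RISKY_SERVICES else "non-essential"
        findings.append(f"service {svc} enabled ({tag}): disable it or add it to the allowlist")
    return findings


def check_ports(cfg: DeviceConfig) -> List[str]:
    """Flag listening ports that are unexpected or owned by the wrong service."""
    findings = []
    for port, svc in sorted(cfg.listening_ports.items()):
        expected = EXPECTED_PORTS.get(port)
        if expected is None:
            findings.append(f"port {port} ({svc}) listening but not in expected set")
        elif expected != svc:
            findings.append(f"port {port} owned by {svc}, expected {expected}")
    return findings


def check_defaults(cfg: DeviceConfig) -> List[str]:
    """Flag insecure defaults: factory password, unencrypted storage, debug console."""
    findings = []
    if cfg.default_password_unchanged:
        findings.append("factory default password still in use")
    if not cfg.storage_encrypted:
        findings.append("persistent storage not encrypted")
    if cfg.debug_uart_enabled:
        findings.append("debug UART console enabled in release image")
    return findings


def audit(cfg: DeviceConfig) -> List[str]:
    """Run all checks; an empty list means the build passed."""
    return check_services(cfg) + check_ports(cfg) + check_defaults(cfg)


# Constructed sample: a development build with debug leftovers.
DEV_BUILD = DeviceConfig(
    enabled_services={"sshd", "ntpd", "app-controller", "telnetd", "gdbserver"},
    listening_ports={22: "sshd", 23: "telnetd", 2345: "gdbserver", 8443: "app-controller"},
    default_password_unchanged=True,
    storage_encrypted=False,
    debug_uart_enabled=True,
)

# Constructed sample: the same product after hardening.
RELEASE_BUILD = DeviceConfig(
    enabled_services={"sshd", "ntpd", "app-controller"},
    listening_ports={22: "sshd", 8443: "app-controller"},
    default_password_unchanged=False,
    storage_encrypted=True,
    debug_uart_enabled=False,
)

if __name__ == "__main__":
    for name, cfg in (("dev", DEV_BUILD), ("release", RELEASE_BUILD)):
        findings = audit(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for item in findings:
            print("  -", item)
```

Run as a build step, a non-empty result from audit() fails the pipeline, which is what turns these recommendations from a one-time review into the continuous testing the post argues for. The allowlist approach (name what is essential, reject everything else) matches the "minimize the attack surface" column rather than trying to enumerate every bad service.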
